Most Brex APIs require a Brex admin to grant access. In these cases, only users with the account admin role can be authenticated.

Additionally:

  • Bookkeepers may access the accounting API.
  • Partners using the onboarding API authenticate with a Client Credentials Grant; there is no user associated with this API access.

Scopes

Scopes define which endpoints your app has access to. You will specify your scopes when generating your user token.

For more information on how scopes work in general, see the OAuth website.

Scopes are additive

As a general security practice, you should request the minimum set of scopes required for whatever action the user is performing. For instance, if you are building a simple app that lists all of a company's cards, you should request the cards.readonly scope. Since you are not modifying any data, you only need the readonly version of the cards scope.

If you later want to add new functionality that requires fetching user information or making updates to cards, you can request those scopes (users, cards), which will send the user through the authentication flow again and add those scopes to their previously consented scopes.
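The following is an added example, not Brex code: a small least-privilege check that flags manage scopes requested for data the app never modifies, and computes which scopes still need consent when functionality is added later. Scope names come from the tables on this page; the function names, and the assumption that a manage scope also satisfies a need for its view-only counterpart, are this example's own.

```python
# Added example (not Brex code). Scope names are copied from the tables on this page.
# Pairs of (manage scope, view-only counterpart). Assumption: holding the manage
# scope also satisfies a need for the view-only one ("View and manage ...").
PAIRS = [
    ("budgets", "budgets.readonly"),
    ("expenses.card", "expenses.card.readonly"),
    ("cards", "cards.readonly"),
    ("users", "users.readonly"),
    ("transfers", "transfers.readonly"),
    ("vendors", "vendors.readonly"),
    ("accounting.record.write", "accounting.record.read"),
    ("fields.write", "fields.read"),
]
READONLY_OF = dict(PAIRS)
AUTOMATIC = {"openid", "offline_access"}  # included automatically in user tokens


def covers(granted, scope):
    """True if `granted` already satisfies `scope`, directly or via its manage scope."""
    if scope in granted or scope in AUTOMATIC:
        return True
    return any(manage in granted for manage, view in PAIRS if view == scope)


def audit(requested, modifies):
    """Flag manage scopes requested for data the app never modifies.

    `modifies` is the set of manage scopes the app genuinely needs, supplied by
    the caller from its own feature list. Returns {scope: narrower suggestion}.
    """
    findings = {}
    for scope in requested:
        if scope in READONLY_OF and scope not in modifies:
            findings[scope] = READONLY_OF[scope]
    return findings


def incremental_request(consented, needed):
    """Scopes to request now. Consent is additive, so ask only for what is uncovered."""
    granted = set(consented)
    missing = sorted(s for s in needed if not covers(granted, s))
    return " ".join(missing)  # the OAuth 2.0 scope parameter is space-delimited
```
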

User scopes

At the beginning of each API reference, there is a list of the scopes required for that given API. They are also listed here for convenience.

Authentication

These 2 scopes are included automatically in user tokens.

Scope            Description
openid           Make an OpenID Connect request
offline_access   Obtain an OAuth 2.0 refresh token

Accounting API

Scope                          Description
accounting.integration.read    View accounting integration
accounting.integration.write   View and manage accounting integration
accounting.record.read         View accounting records
accounting.record.write        View and manage accounting records

Budgets API

Scope              Description
budgets.readonly   View budget data
budgets            View and manage budget data

Expenses API

Scope                    Description
expenses.card.readonly   View card expense data
expenses.card            View and manage card expense data

Fields API

Scope                Description
fields.read          View custom field definitions
fields.write         View and manage custom field definitions
field_values.read    View custom field values
field_values.write   View and manage custom field values

Onboarding API

Scope                                       Description
https://onboarding.brexapis.com/referrals   View and manage referrals

Payments API

Scope                      Description
incoming_transfers         View and manage incoming transfers
linked_accounts.readonly   View linked accounts
transfers.readonly         View existing transfers
transfers                  View and manage transfers
vendors.readonly           View vendor data
vendors                    View and manage vendor data

Team API

Scope                     Description
cards.readonly            View card data
cards                     View and manage card data
cards.pan                 View card number data
companies.readonly        View company data
departments.readonly      View department data
departments               View and manage department data
legal_entities.readonly   View legal entity data
legal_entities            View and manage legal entity data
locations.readonly        View location data
locations                 View and manage location data
titles.readonly           View title data
titles                    View and manage title data
users.readonly            View user data
users                     View and manage user data

Transactions API

Scope                        Description
accounts.card.readonly       View card accounts
accounts.cash.readonly       View cash accounts
statements.card.readonly     View card statement data
statements.cash.readonly     View cash statement data
transactions.card.readonly   View card transaction data
transactions.cash.readonly   View cash transaction data

Travel API

Scope                   Description
travel.trips.readonly   View trip data
travel.trips            View and manage trip data